404 – Plane Not Found!

January 28, 2015
by Alex Tough

On Monday morning, the main page of its website was replaced by the words “404 – Plane Not Found” and “Hacked by Lizard Squad”. Initially the words “ISIS will prevail” appeared in the browser tab for the page, but that has since disappeared.

It is not clear why Malaysia Airlines has become the target of a cyber attack nor what connection the hack has to Islamic State, the militant group sometimes referred to as ISIS which has declared an Islamic caliphate in parts of Syria and Iraq.

Lizard Squad claimed on Twitter that it would release data from Malaysia Airlines, but did not specify what information it might have. “Going to dump some loot found on www.malaysiaairlines.com servers soon,” the group claimed.

Lizard Squad is best known for launching the denial of service attacks that took down the Xbox Live and PlayStation Networks at Christmas, shortly before launching a DDoS-for-hire service.

The group, whose attitude and swagger recalls that of LulzSec, has yet to substantiate claims of a deep penetration attack against Malaysia Airlines, which the troubled airline firmly denies

Earlier this month, hackers claiming to be similarly aligned with the Islamic State extremist group took control of the U.S. Central Command’s primary Twitter and YouTube accounts, posting office phone numbers of top military officers and what they said were confidential military documents.

‘Not been hacked’

Malaysia Airlines confirmed in a statement that its “Domain Name System (DNS) has been compromised where users are re-directed to a hacker website”.

But it said its own web servers were intact and the website itself had not been hacked into.

It said “this temporary glitch does not affect [customer] bookings” and user data “remains secured”. It added that it would take 22 hours to restore the website.

The airline attributes the apparent defacement to a redirection rather than an actual attack on its site. The company said its web servers are intact and customer bookings and data are secure. It added that its domain name system was compromised. Later Monday, the website had returned to operation.